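WO2017148313A1 - Method and apparatus for authorizing a co-management account, and method and apparatus for authenticating a co-management account - Google Patents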

Method and apparatus for authorizing a co-management account, and method and apparatus for authenticating a co-management account

Info

Publication number
WO2017148313A1
Authority
WO
WIPO (PCT)
Prior art keywords
management
parameter
user
authentication parameter
side authentication
Prior art date
Application number
PCT/CN2017/074317
Other languages
English (en)
French (fr)
Chinese (zh)
Inventor
罗凯耀
Original Assignee
阿里巴巴集团控股有限公司
罗凯耀
Priority date
Filing date
Publication date
Application filed by 阿里巴巴集团控股有限公司, 罗凯耀
Priority to MYPI2018703032A (MY194885A)
Priority to KR1020187028492A (KR102159874B1)
Priority to SG11201807309RA (SG11201807309RA)
Priority to EP20214027.3A (EP3809629B1)
Priority to EP17759164.1A (EP3425846B8)
Priority to JP2018546451A (JP6755961B2)
Priority to PL17759164T (PL3425846T3)
Priority to ES17759164T (ES2857827T3)
Publication of WO2017148313A1
Priority to PH12018501837A (PH12018501837A1)
Priority to US16/119,470 (US10650135B2)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Definitions

  • The present application relates to the field of network communication technologies, and in particular to a method and apparatus for authorizing a co-management account and a method and apparatus for authenticating a co-management account.
  • A co-management account is an account managed jointly by two or more co-managers; a co-manager can be either a natural person or a legal person.
  • A co-management account suits co-managers who, for various reasons, need to jointly control the same account but, for the sake of security or trust, cannot let any single co-manager hold all the rights of the account (such as transfer and representation).
  • The present application provides a method for authorizing a co-management account, applied to a client, where the co-management account is jointly managed by N co-managers and N is a natural number greater than 1. The method includes:
  • the user-side authentication parameter is the same as or corresponds to the network-side authentication parameter of the co-management account, and is used to authenticate the operation authority of the co-management account;
  • the user-side authentication parameter is split into N parts, a corresponding co-management authentication parameter is generated from each part, and each co-management authentication parameter is written into a device controlled by the respective co-manager.
  • The method for authorizing a co-management account provided by the present application is applied to a server.
  • The co-management account is jointly managed by N co-managers, and N is a natural number greater than 1.
  • The method includes:
  • the user-side authentication parameter is the same as or corresponds to the network-side authentication parameter, and is used to authenticate the operation authority of the co-management account;
  • the user-side authentication parameter is split into N parts, a corresponding co-management authentication parameter is generated from each part, and each co-management authentication parameter is sent to the client of a different co-manager.
  • The method for authorizing a co-management account provided by the present application is applied to a client of a co-manager of the co-management account, where the co-management account is jointly managed by N co-managers and N is a natural number greater than 1. The method includes:
  • the co-management authentication parameter is generated by the server, which splits the user-side authentication parameter into N parts and generates the co-management authentication parameter from one of the parts; the user-side authentication parameter is used to authenticate the operation authority of the co-management account;
  • the co-management authentication parameter is saved.
  • The method for authenticating a co-management account provided by the present application is applied to a client, where the co-management account is jointly managed by N co-managers and N is a natural number greater than 1. The method includes:
  • the user-side authentication parameter is used to initiate an authentication request to the server, and the server authenticates the operation authority of the co-management account according to the network-side authentication parameter; the network-side authentication parameter is the same as or corresponds to the user-side authentication parameter.
  • The method for authenticating a co-management account provided by the present application is applied to a server.
  • The co-management account is jointly managed by N co-managers, and N is a natural number greater than 1.
  • The method includes:
  • the network-side authentication parameter is the same as or corresponds to the user-side authentication parameter.
  • The method for authenticating a co-management account provided by the present application is applied to a client, where the co-management account is jointly managed by N co-managers and N is a natural number greater than 1. The method includes:
  • The present application also provides an authorization device for a co-management account, applied to a client, where the co-management account is jointly managed by N co-managers and N is a natural number greater than 1. The device includes:
  • a user-side parameter obtaining unit, configured to obtain a user-side authentication parameter of the co-management account;
  • the user-side authentication parameter is the same as or corresponds to the network-side authentication parameter of the co-management account, and is used to authenticate the operation authority of the co-management account;
  • a co-management parameter writing unit, configured to split the user-side authentication parameter into N parts, generate a corresponding co-management authentication parameter from each part, and write each co-management authentication parameter into a device controlled by the respective co-manager.
  • The authorization device for a co-management account provided by the present application is applied to a server.
  • The co-management account is jointly managed by N co-managers, and N is a natural number greater than 1.
  • The device includes:
  • an authentication parameter obtaining unit, configured to obtain the user-side authentication parameter and the network-side authentication parameter of the co-management account, and save the network-side authentication parameter;
  • the user-side authentication parameter is the same as or corresponds to the network-side authentication parameter, and is used to authenticate the operation authority of the co-management account;
  • a co-management parameter issuing unit, configured to split the user-side authentication parameter into N parts, generate a corresponding co-management authentication parameter from each part, and send each co-management authentication parameter to the client of a different co-manager.
  • The authorization device for a co-management account provided by the present application is applied to a client of a co-manager of the co-management account, where the co-management account is jointly managed by N co-managers and N is a natural number greater than 1. The device includes:
  • a co-management parameter receiving unit, configured to receive the co-management authentication parameter delivered by the server, where the co-management authentication parameter is generated by the server from one of the N parts into which it splits the user-side authentication parameter; the user-side authentication parameter is used to authenticate the operation authority of the co-management account;
  • a co-management parameter saving unit, configured to save the co-management authentication parameter.
  • The authentication device for a co-management account provided by the present application is applied to a client, where the co-management account is jointly managed by N co-managers and N is a natural number greater than 1.
  • The device includes:
  • a co-management parameter obtaining unit, configured to obtain the N co-management authentication parameters of the co-management account;
  • a user-side parameter combination unit, configured to restore one part of the user-side authentication parameter from each co-management authentication parameter, and combine the N parts into the user-side authentication parameter;
  • an authentication request initiating unit, configured to use the user-side authentication parameter to initiate an authentication request to the server, where the server authenticates the operation authority of the co-management account according to the network-side authentication parameter; the network-side authentication parameter is the same as or corresponds to the user-side authentication parameter.
  • The authentication device for a co-management account provided by the present application is applied to a server.
  • The co-management account is jointly managed by N co-managers, and N is a natural number greater than 1.
  • The device includes:
  • a co-management parameter receiving unit, configured to receive the N co-management authentication parameters uploaded by the client;
  • a user-side parameter combination unit, configured to restore one part of the user-side authentication parameter from each co-management authentication parameter, and combine the N parts into the user-side authentication parameter;
  • an operation authority authentication unit, configured to authenticate the operation authority of the co-management account according to the network-side authentication parameter; the network-side authentication parameter is the same as or corresponds to the user-side authentication parameter.
  • The authentication device for a co-management account provided by the present application is applied to a client, where the co-management account is jointly managed by N co-managers and N is a natural number greater than 1.
  • The device includes:
  • a single co-management parameter obtaining unit, configured to acquire the co-management authentication parameter belonging to one co-manager;
  • a co-management parameter uploading unit, configured to upload the co-management authentication parameter to the server, where the server restores one part of the user-side authentication parameter from the co-management authentication parameter and combines it with the other (N-1) parts into the user-side authentication parameter; the network-side authentication parameter, which is the same as or corresponds to the user-side authentication parameter, is used to authenticate the operation authority of the co-management account.
  • The user-side authentication parameter used for authority authentication is split into N parts, and a corresponding co-management authentication parameter is generated from each part and controlled by one co-manager, so that the co-managers can provide their co-management authentication parameters over the network to exercise the operation authority of the co-management account, thereby realizing a network-based co-management account and greatly facilitating the co-managers' management operations;
  • When the operation authority of the co-management account is authenticated, the N co-managers provide their respective co-management authentication parameters, the N co-management authentication parameters are combined to yield the user-side authentication parameter, and the server then performs the authority authentication. The co-managers can therefore use the network to provide their respective co-management authentication parameters and exercise the authority to operate the co-management account, which realizes a network-based co-management account and makes managing it far more convenient.
  • FIG. 1 is a flowchart of a method for authorizing a co-management account, applied to a client, in Embodiment 1 of the present application;
  • FIG. 2 is a schematic diagram of a network structure of an application scenario in Embodiment 1 of the present application;
  • FIG. 3 is a flowchart of a method for authorizing a co-management account, applied to a server, in Embodiment 2 of the present application;
  • FIG. 4 is a flowchart of a method for authorizing a co-management account, applied to a client, in Embodiment 2 of the present application;
  • FIG. 5 is a schematic diagram of a network structure of an application scenario in Embodiment 2 of the present application;
  • FIG. 6 is a flowchart of a method for authenticating a co-management account, applied to a client, in Embodiment 3 of the present application;
  • FIG. 7 is a flowchart of a method for authenticating a co-management account, applied to a client, in Embodiment 4 of the present application;
  • FIG. 8 is a flowchart of a method for authenticating a co-management account, applied to a server, in Embodiment 4 of the present application;
  • FIG. 9 is a hardware structure diagram of a device on which a client or a server runs;
  • FIG. 10 is a logical structural diagram of an authorization device for a co-management account, applied to a client, in Embodiment 5 of the present application;
  • FIG. 11 is a logical structural diagram of an authorization device for a co-management account, applied to a server, in Embodiment 6 of the present application;
  • FIG. 12 is a logical structural diagram of an authorization device for a co-management account, applied to a client, in Embodiment 6 of the present application;
  • FIG. 13 is a logical structural diagram of an authorization device for a co-management account, applied to a client, in Embodiment 7 of the present application;
  • FIG. 14 is a logical structural diagram of an authorization device for a co-management account, applied to a server, in Embodiment 8 of the present application;
  • FIG. 15 is a logical structural diagram of an authorization device for a co-management account, applied to a client, in Embodiment 8 of the present application.
  • The embodiments of the present application propose a new co-management account authorization method and a new co-management account authentication method. For a co-management account jointly managed by N co-managers (N is a natural number greater than 1), the user-side authentication parameter is split into N parts, a co-management authentication parameter is generated from each part, and the N co-management authentication parameters are controlled by the N co-managers respectively.
  • When operation authority is authenticated, only after every co-manager provides their own co-management authentication parameter can the parameters be combined into the user-side authentication parameter and authenticated by the server, so that the co-managers can manage the co-management account over the network, which is more convenient for them.
  • The user-side authentication parameter and the network-side authentication parameter are the same or correspond to each other, and are used to authenticate the operation authority of the co-management account.
  • The user-side authentication parameter is stored by the user, and the network-side authentication parameter is stored on the server.
  • The server uses the network-side authentication parameter to authenticate either the user-side authentication parameter provided by the client or an operation request that the client initiates using the user-side authentication parameter. After passing the authentication, the user can perform the requested operation on the account.
  • The user-side authentication parameter and the network-side authentication parameter are usually generated automatically by the client or the server, and are generally not set manually.
  • The client runs on a user-side device, which may be a device owned by one co-manager or a device used by the N co-managers; the server runs on a device of the service provider of the co-management account.
  • The device on which the client runs and the device on which the server runs can reach each other over the network.
  • The device on which the client runs may be a mobile phone, a tablet computer, a PC (Personal Computer), a notebook, a server, and so on; the device on which the server runs may be a PC, a notebook, a server, or the like.
  • The server may be a single physical or logical server, or two or more physical or logical servers that share different responsibilities and cooperate with each other to implement the server functions in the embodiments of the present application.
  • The embodiments of the present application do not limit the types of the devices on which the client and the server run, or the type and protocol of the communication network between them.
  • Embodiment 1 of the present application describes a method for authorizing a co-management account.
  • The client is responsible for generating and distributing the co-management authentication parameters from the user-side authentication parameter, and the process applied to the client is shown in FIG. 1.
  • Step 110: obtain the user-side authentication parameter of the co-management account.
  • The user-side and network-side authentication parameters are usually generated automatically.
  • The client may use an algorithm to generate the same or corresponding user-side and network-side authentication parameters, and upload the generated network-side authentication parameter to the server for use by the server in the authentication process.
  • The server may use an algorithm to generate the same or corresponding user-side and network-side authentication parameters, save the network-side authentication parameter, and send the user-side authentication parameter to the client.
  • The client or the server may generate the user-side and network-side authentication parameters by referring to the various key and password generation algorithms in the prior art.
  • The client generates a private key and a public key by using an asymmetric encryption algorithm; the private key is used as the user-side authentication parameter, and the public key is used as the network-side authentication parameter.
  • The server uses a symmetric encryption algorithm to generate a key that serves as both the user-side authentication parameter and the network-side authentication parameter.
  • The user-side authentication parameter is split into N parts, a corresponding co-management authentication parameter is generated from each part, and each co-management authentication parameter is written into a device controlled by the respective co-manager.
  • The client splits the user-side authentication parameter into N parts that do not contain one another and that can be combined into the complete user-side authentication parameter. The client uses each part separately to generate the corresponding co-management authentication parameter.
  • The specific way of splitting the user-side authentication parameter may be determined by the actual application scenario, the algorithm used to generate the co-management authentication parameters, and so on, and is not limited in the embodiments of the present application.
  • The user-side authentication parameter may be split into N segments, with a segment number indicating the position of each segment within the user-side authentication parameter (so that, when the segments are combined into the user-side authentication parameter, all segments can be arranged in the correct order); each segment together with its segment number is used as a co-management authentication parameter.
  • The user-side authentication parameter can also be split into 2N segments, and the k-th segment, the (k+N)-th segment, and k (k is a natural number from 1 to N) are used as the input of a mapping algorithm.
  • The inverse of the mapping algorithm takes as input the value obtained by decrypting the co-management authentication parameter, and outputs the k-th segment, the (k+N)-th segment, and k corresponding to that co-management authentication parameter.
  • The client writes the N generated co-management authentication parameters into the devices controlled by the respective co-managers, for the co-managers to use when authorizing operations on the co-management account.
  • The device into which a co-management authentication parameter is written may be the device on which the co-manager's client runs, or a storage medium that can be separated from that device.
  • The client running the authorization method of the co-management account may be one of the N co-managers' clients, or a client that does not belong to any of the N co-managers. If the co-management authentication parameters are distributed to the other clients by one co-manager's client, the implementation of that client should ensure that the (N-1) co-management authentication parameters distributed to the other co-managers are not retained on the client that generated them.
  • a client that is not one of the N co-managers' clients (for example, the client of the service organization that opens the co-management account)
  • NFC (Near Field Communication) chip; the network structure of this application scenario is shown in FIG. 2. Because an NFC chip supports contactless reading, saving the co-management authentication parameters in an NFC chip is more convenient.
  • Embodiment 2 of the present application describes a method for authorizing a co-management account.
  • The server is responsible for generating and distributing the co-management authentication parameters from the user-side authentication parameter, and the process applied to the server is as shown in FIG.
  • The process on the client side is shown in FIG. 4.
  • Step 310: obtain the user-side authentication parameter and the network-side authentication parameter of the co-management account, and save the network-side authentication parameter.
  • The server may use an algorithm to generate the same or corresponding user-side and network-side authentication parameters, or may obtain the same or corresponding user-side and network-side authentication parameters from another server in the network that provides a key or password generation service.
  • The server can generate the user-side and network-side authentication parameters by referring to the various key and password generation algorithms in the prior art.
  • The server can use a symmetric encryption algorithm to generate a key that serves as both the user-side authentication parameter and the network-side authentication parameter.
  • The server saves the obtained network-side authentication parameter locally or in a storage location accessible over the network.
  • Step 320: split the user-side authentication parameter into N parts, generate a corresponding co-management authentication parameter from each part, and send each co-management authentication parameter to the client of a different co-manager.
  • The user-side authentication parameter may be divided into N segments, and each segment together with its segment number is used as a co-management authentication parameter.
  • The server sends the generated co-management authentication parameters to the clients of the different co-managers.
  • The network structure of this application scenario is shown in FIG. 5.
  • step 410 receiving the co-management authentication parameter delivered by the server.
  • the co-management authentication parameter delivered by the server is generated by the server according to one part of the user-side authentication parameter, after the server splits the user-side authentication parameter into N parts.
  • the co-managed authentication parameter includes one of the N segments of the user-side authentication parameter, and a segmentation sequence number for the segment.
  • step 420 the received co-management authentication parameters are saved.
  • the client can save the received co-management authentication parameter locally on the device where the client is located. It can also be stored in a storage medium that can be separated from the device where the client is located, such as an NFC chip or a USB (Universal Serial Bus) flash drive.
  • after the user side network parameters are split into N parts, a co-management authentication parameter is generated for each part, and the N co-management authentication parameters are respectively controlled by N co-managers. After each co-manager provides its own co-management authentication parameter, the operation authority for the co-managed account can be exercised.
  • the above two embodiments of the present application implement a network-based co-management account, which provides greater convenience for the co-manager's account operation.
  • a method for authenticating a co-management account is described.
  • the client is responsible for generating user-side network parameters according to the N co-management authentication parameters.
  • the process applied to the client is as shown in FIG. 6.
  • Step 610 Obtain N common management authentication parameters of the condominium account.
  • Each of the N co-managers of the co-management account controls a co-management authentication parameter. After the N co-managers agree to perform a certain authentication-only operation on the co-management account, each co-manager may provide the co-management authentication parameters controlled by the co-manager to the client running the co-management account authentication method of the embodiment.
  • the client running the co-management account authentication method in this embodiment can read the N co-management authentication parameters from the devices where the clients of the N co-managers are located, or receive the co-management authentication parameters sent by the clients of the N co-managers. If each co-manager saves the co-management authentication parameter it controls in a storage medium belonging to that co-manager (such as an NFC chip belonging to each co-manager, or a storage medium such as a USB flash drive), the client running the co-managed account authentication method can read the N co-management authentication parameters from these storage media.
  • the client running the co-management account authentication method may be a client of a certain co-manager or a client of a non-co-manager.
  • if the client running the co-management account authentication method is a client of a co-manager and the co-management authentication parameter of that co-manager is stored locally on the device where the client is located, the client only needs to read the saved co-management authentication parameter locally.
  • Step 620: Restore a part of the user-side authentication parameter according to each of the co-management authentication parameters, and combine the N parts into the user-side authentication parameter.
  • after obtaining the N co-management authentication parameters, the client reverses the manner used to generate the co-management authentication parameters and restores, from each co-management authentication parameter, the corresponding part of the user-side authentication parameter (that is, the part that was used to generate that co-management authentication parameter); after the N parts are combined, the user-side authentication parameter is obtained.
  • a segment of the user-side authentication parameter and the segment sequence number of that segment can be parsed from each of the co-management authentication parameters; the N segments are concatenated according to the segment sequence number of each segment to generate the user-side authentication parameter.
  • Step 630 The user side authentication parameter is used to initiate an authentication request to the server, and the server authenticates the operation authority of the condominium account according to the network side authentication parameter.
  • the form of the authentication request initiated by the user-side authentication parameter may be different according to the specific implementation manner of the authority authentication between the client and the server in the actual application scenario.
  • the client may carry the user-side authentication parameter in the authentication request, and the server compares the user-side authentication parameter in the authentication request with the saved network-side authentication parameter. If the same or corresponding, the authentication request passes.
  • the client can perform the requested operation on the condominium account; otherwise, the client's request is rejected.
  • the client may use the private key (i.e., the user-side authentication parameter) to digitally sign the authentication request, or one or more fields of the authentication request, and send the authentication request carrying the digital signature to the server; the server uses the public key of the co-managed account that is the object of the requested operation (i.e., the network-side authentication parameter) to verify the signature on the authentication request. If verification passes, the client is allowed to perform the requested operation on the co-managed account; otherwise the client's request is rejected.
  • a method for authenticating a co-management account is described in the fourth embodiment of the present application.
  • the server is responsible for generating user-side network parameters according to the N common-party authentication parameters.
  • the process applied to the server is as shown in FIG. 7, and the process applied to the client is as shown in FIG. 8.
  • step 810 obtaining a co-management authentication parameter belonging to a certain co-manager.
  • the client can read the co-management authentication parameter from the local device, receive the co-management authentication parameter sent by the client that saves it, or read the co-management authentication parameter from the storage medium belonging to a certain co-manager.
  • the co-management authentication parameter is uploaded to the server, so that the server restores a part of the user-side authentication parameter according to the co-management authentication parameter and, after combining it with the other (N-1) parts into the user-side authentication parameter, uses the network-side authentication parameter that is the same as or corresponding to the user-side authentication parameter to authenticate the operation authority of the co-managed account.
  • step 710 the N co-administration authentication parameters uploaded by the client are received.
  • the client and the server can support a certain mode or multiple modes at the same time.
  • each co-manager instructs its client to obtain the co-management authentication parameters of the co-manager, and then sends it to the server in the co-management operation request.
  • the client may also carry the operation content of the co-management account in the co-management account operation request, and inform the server of the operation to be authorized by the request.
  • a co-manager can send a co-management account authorization request from its client to other co-manager clients, carrying the operational content of the co-management account.
  • each client whose co-manager agrees to perform the operation (including the co-manager who initiated the authorization request to the other co-managers) separately sends a co-managed account operation request to the server, including that co-manager's co-management authentication parameter (and possibly also the operation content).
  • a co-manager sends a co-management operation request to the server, carrying the requested action content.
  • after receiving the co-managed account operation request, the server sends a co-management authentication parameter upload request to the client of each co-manager of the co-managed account, carrying the operation content requested by the co-manager who initiated the operation request.
  • after the client receives the co-management operation request, if the co-manager agrees to perform the operation, the client replies to the server with the co-management authentication parameter in response to the co-management operation request.
  • a co-manager sends a co-managed account operation request to the server, carrying the requested operation content and that co-manager's co-management authentication parameter.
  • after receiving the co-managed account operation request, the server sends a co-management authentication parameter upload request to the clients of the other co-managers of the co-managed account (other than the co-manager who initiated the operation request), carrying the operation content that the initiating co-manager wants to perform.
  • after a co-manager's client receives the co-management operation request, if the co-manager agrees to perform the operation, the client replies to the server with the co-management authentication parameter in response to the co-management operation request.
  • step 720: a part of the user-side authentication parameter is restored according to each of the co-management authentication parameters, and the N parts are combined into the user-side authentication parameter.
  • after obtaining the N co-management authentication parameters, the server reverses the manner used to generate the co-management authentication parameters and restores, from each co-management authentication parameter, the corresponding part of the user-side authentication parameter (that is, the part that was used to generate that co-management authentication parameter); after the N parts are combined, the user-side authentication parameter is obtained.
  • a segment of the user-side authentication parameter and the segment sequence number of that segment can be parsed from each of the co-management authentication parameters; the N segments are concatenated according to the segment sequence number of each segment to generate the user-side authentication parameter.
  • step 730 the operation authority of the condominium account is authenticated according to the network side authentication parameter.
  • the server matches the saved network-side authentication parameter with the user-side authentication parameter. If the two are the same or corresponding, the authentication is passed, and the client is allowed to perform the requested operation on the condominium account. Otherwise, the client's operation request for the condominium account is rejected.
  • the server obtains the user-side authentication parameter from the N co-management authentication parameters, and uses the network-side authentication parameter to authenticate the operation authority of the co-managed account.
  • the co-manager can provide the respective co-management authentication parameters through the network to exercise the authority to operate the co-management account, realize the network-based co-management account, and facilitate the operation of the co-manager.
  • when authorizing the operation authority of the co-managed account, a mobile terminal with NFC function uses the RSA algorithm (an asymmetric encryption algorithm) to generate a pair of RSA public and private keys for the co-managed account.
  • the public key is uploaded by the mobile terminal to the server, and is saved as the network side authentication parameter of the condominium account.
  • the mobile terminal splits the private key into three segments and generates a segment sequence number for each segment; the mobile terminal uses each segment and its segment sequence number as one co-manager's co-management authentication parameter and writes it, in NFC card reader mode, to that co-manager's NFC tag.
  • Three NFC tags written with different co-management parameters are held by three co-managers.
  • when it is desired to perform an operation on the co-managed account that requires authority authentication, the three co-managers each provide the NFC tag they hold, and the NFC-enabled mobile terminal reads out, in NFC card reader mode, the 3 co-management authentication parameters stored in the three NFC tags.
  • the mobile terminal parses a segment of the private key and the segment sequence number of that segment from each of the co-management authentication parameters, and concatenates the three segments according to their segment sequence numbers to form the private key of the co-managed account.
  • the mobile terminal digitally signs any data by using the user side authentication parameter and uploads it to the server.
  • the server will use the public key of the condominium account to check the submitted data to determine whether the authentication is passed. After the authentication is passed, the mobile terminal can operate the condominium account.
  • the embodiment of the present application further provides two types of co-management account authorization devices applied on the client, a co-management account authorization device applied to the server, two co-administrator account authentication devices applied on the client, and an application.
  • These devices can be implemented by software or by hardware or a combination of hardware and software.
  • the CPU (Central Process Unit) of the device where the client or the server is located reads the corresponding computer program instructions into the memory.
  • the device where the client or server is located usually includes other hardware such as a chip for transmitting and receiving wireless signals, and/or other hardware such as boards that implement network communication functions.
  • FIG. 10 is a schematic diagram of an apparatus for authorizing a condominium account according to Embodiment 5 of the present application, which is applied to a client, where the condominium account is jointly managed by N co-managers, and N is a natural number greater than 1, and the device includes a user side.
  • the user-side parameter obtaining unit is configured to obtain a user-side authentication parameter of the condominium account
  • the user-side authentication parameter is the same as or corresponds to the network-side authentication parameter of the co-managed account, and is used to authenticate the operation authority of the co-managed account
  • the co-management parameter writing unit is configured to split the user-side authentication parameter into N parts, generate corresponding co-management authentication parameters according to each part, and write each co-management authentication parameter into a device controlled by each co-manager.
  • the user-side parameter obtaining unit is specifically configured to: generate a user-side authentication parameter and a network-side authentication parameter of the co-management account, and upload the network-side authentication parameter to the server.
  • the user side authentication parameter and the network side authentication parameter may include: a private key and a public key of the asymmetric encryption algorithm.
  • the user-side parameter obtaining unit is specifically configured to: receive, from the server, the user-side authentication parameter generated by the server.
  • the co-management parameter writing unit is specifically configured to: divide the user-side authentication parameter into N segments, use each segment and its segment sequence number as a co-management authentication parameter, and write each of the co-management authentication parameters to the device controlled by each co-manager.
  • the device controlled by each co-manager includes: a near field communication NFC chip belonging to each co-manager.
  • FIG. 11 is a schematic diagram of an apparatus for authorizing a co-managed account according to Embodiment 6 of the present application, which is applied to a server, where the co-managed account is jointly managed by N co-managers, N is a natural number greater than 1, and the device includes an authentication parameter obtaining unit and a co-management parameter issuing unit, wherein: the authentication parameter obtaining unit is configured to obtain the user-side authentication parameter and the network-side authentication parameter of the co-managed account, and save the network-side authentication parameter; the user-side authentication parameter is the same as or corresponds to the network-side authentication parameter, and is used to authenticate the operation authority of the co-managed account; the co-management parameter issuing unit is configured to split the user-side authentication parameter into N parts, generate corresponding co-management authentication parameters according to each part, and send each of the co-management authentication parameters to the clients of different co-managers.
  • the co-management parameter issuing unit is specifically configured to: divide the user-side authentication parameter into N segments, use each segment and its segment sequence number as a co-management authentication parameter, and send each of the co-management authentication parameters to the clients of different co-managers.
  • the authentication parameter obtaining unit is specifically configured to: generate a symmetric key or a password according to a predetermined algorithm, and serve as a user side authentication parameter and a network side authentication parameter.
  • FIG. 12 is a diagram showing an apparatus for authorizing a condominium account according to Embodiment 6 of the present application,
  • the co-management account is jointly managed by N co-managers, N is a natural number greater than 1,
  • the device includes a co-management parameter receiving unit and a co-management parameter saving unit, wherein: the co-management parameter receiving unit is configured to receive the co-management authentication parameter sent by the server; the co-management authentication parameter is generated by the server according to one part of the user-side authentication parameter, after the server splits the user-side authentication parameter into N parts; the user-side authentication parameter is used to authenticate the operation authority of the co-managed account; the co-management parameter saving unit is configured to save the co-management authentication parameter.
  • the co-management authentication parameter includes: one of the N segments of the user-side authentication parameter and the segment sequence number thereof.
  • the co-management parameter saving unit is specifically configured to: save the co-management authentication parameter in the device where the client is located, or store it in a storage medium that can be separated from the device where the client is located.
  • FIG. 13 shows a device for authenticating a co-managed account according to Embodiment 7 of the present application, which is applied to a client, where the co-managed account is jointly managed by N co-managers, N is a natural number greater than 1, and the device includes a co-management parameter obtaining unit, a user-side parameter combining unit, and an authentication request initiating unit, wherein: the co-management parameter obtaining unit is configured to acquire N co-management authentication parameters of the co-managed account; the user-side parameter combining unit is configured to restore the user-side authentication parameter according to each of the co-management authentication parameters; the authentication request initiating unit is configured to use the user-side authentication parameter to initiate an authentication request to the server, so that the server authenticates the operation authority of the co-managed account according to the network-side authentication parameter; the network-side authentication parameter is the same as or corresponds to the user-side authentication parameter.
  • the co-management parameter obtaining unit is specifically configured to: obtain the N co-management authentication parameters of the co-managed account from the devices where the clients of the N co-managers are located; or read the N co-management authentication parameters of the co-managed account from the storage media belonging to the N co-managers respectively.
  • the storage media belonging to the N co-managers respectively include: a near field communication NFC chip belonging to each of the co-managers.
  • the user-side parameter combining unit is specifically configured to: restore a segment of the user-side authentication parameter and the segment sequence number thereof according to each co-management authentication parameter, and concatenate the N segments according to their segment sequence numbers into the user-side authentication parameter.
  • the user-side authentication parameter and the network-side authentication parameter include: a private key and a public key of the asymmetric encryption algorithm; and the authentication request initiating unit is specifically configured to: digitally sign, with the private key, the authentication request initiated to the server, so that the server uses the public key to verify the signature on the authentication request.
  • FIG. 14 shows a device for authenticating a co-managed account according to Embodiment 8 of the present application, which is applied to a server, where the co-managed account is jointly managed by N co-managers, N is a natural number greater than 1, and the device includes a co-management parameter.
  • the co-management parameter receiving unit is configured to receive the N co-management authentication parameters uploaded by the client; the user-side parameter combining unit is configured to restore a part of the user-side authentication parameter according to each of the co-management authentication parameters, and combine the N parts into the user-side authentication parameter; the operation authority authentication unit is configured to authenticate the operation authority of the co-managed account according to the network-side authentication parameter; the network-side authentication parameter is the same as or corresponds to the user-side authentication parameter.
  • the user-side parameter combining unit is specifically configured to: restore a segment of the user-side authentication parameter and its segment sequence number according to each co-management authentication parameter, and concatenate the N segments according to their segment sequence numbers into the user-side authentication parameter.
  • the co-management parameter receiving unit is specifically configured to: receive the N co-management authentication parameters respectively uploaded by the clients of the N co-managers.
  • the device further includes an operation request receiving unit and a parameter upload request sending unit, where: the operation request receiving unit is configured to receive a co-managed account operation request sent by the client of a certain co-manager, including the operation content; the parameter upload request sending unit is configured to send a co-management authentication parameter upload request, including the operation content, to the clients of the other (N-1) co-managers.
  • FIG. 15 is a schematic diagram of an apparatus for authenticating a condominium account according to Embodiment 8 of the present application, which is applied to a client, where the condominium account is jointly managed by N co-managers, and N is a natural number greater than 1, and the device includes a single condominium.
  • a single co-management parameter obtaining unit is configured to obtain a co-management authentication parameter belonging to a certain co-manager
  • the co-management parameter uploading unit is configured to upload the co-management authentication parameter to the server, so that the server restores a part of the user-side authentication parameter according to the co-management authentication parameter and, after combining it with the other (N-1) parts into the user-side authentication parameter, uses the network-side authentication parameter that is the same as or corresponds to the user-side authentication parameter.
  • the single co-management parameter obtaining unit is specifically configured to: acquire the co-management authentication parameter from the device where the client of a certain co-manager is located; or read the co-management authentication parameter from a storage medium belonging to a certain co-manager.
  • the device further includes an operation request sending unit, configured to send a condominium account operation request to the server, including the operation content.
  • the device further includes a parameter upload request receiving unit, configured to receive a co-management authentication parameter upload request sent by the server, which includes the operation content in the co-managed account operation request initiated by a certain co-manager; and the co-management parameter uploading unit is specifically configured to: upload the co-management authentication parameter to the server in response to the co-management authentication parameter upload request.
  • a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • the memory may include non-persistent memory, random access memory (RAM), and/or non-volatile memory in a computer readable medium, such as read only memory (ROM) or flash memory.
  • Memory is an example of a computer readable medium.
  • Computer readable media includes both permanent and non-persistent, removable and non-removable media.
  • Information storage can be implemented by any method or technology.
  • the information can be computer readable instructions, data structures, modules of programs, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, compact disk read only memory (CD-ROM), digital versatile disk (DVD) or other optical storage, magnetic tape cartridges, magnetic tape storage or other magnetic storage devices, or any other non-transportable media that can be used to store information that can be accessed by a computing device.
  • computer readable media does not include temporary storage of computer readable media, such as modulated data signals and carrier waves.
  • embodiments of the present application can be provided as a method, system, or computer program product.
  • the present application can take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment in combination of software and hardware.
  • the application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
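
The segment-and-sequence-number scheme described above (splitting at authorization, then recombination and comparison on the server at authentication), as an added Python example that is not code from the patent. It assumes the symmetric variant, in which one random 32-byte key serves as both the user-side and the network-side authentication parameter; the names `CoManagementParam`, `split_parameter`, `combine_parameters`, `Server` and `unknown_bits`, and the in-memory store, are hypothetical.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class CoManagementParam:
    """One co-management authentication parameter: a segment plus its number."""
    seq: int        # segment sequence number, 1..N
    segment: bytes  # one contiguous segment of the user-side parameter


def split_parameter(user_side: bytes, n: int) -> list[CoManagementParam]:
    """Split the user-side parameter into N numbered, contiguous segments."""
    if n < 2:
        raise ValueError("a co-managed account needs N > 1 co-managers")
    if len(user_side) < n:
        raise ValueError("parameter too short to give every co-manager a segment")
    base, extra = divmod(len(user_side), n)
    params, offset = [], 0
    for seq in range(1, n + 1):
        size = base + (1 if seq <= extra else 0)  # spread the remainder
        params.append(CoManagementParam(seq, user_side[offset:offset + size]))
        offset += size
    return params


def combine_parameters(params: list[CoManagementParam], n: int) -> bytes:
    """Concatenate N segments by sequence number, whatever order they arrive in."""
    by_seq: dict[int, bytes] = {}
    for p in params:
        if not 1 <= p.seq <= n:
            raise ValueError("segment sequence number out of range")
        if p.seq in by_seq:
            raise ValueError("duplicate segment sequence number")
        by_seq[p.seq] = p.segment
    if len(by_seq) != n:
        raise ValueError("not all N co-managers supplied a parameter")
    return b"".join(by_seq[seq] for seq in range(1, n + 1))


class Server:
    """Holds the network-side parameter and authenticates operation requests."""

    def __init__(self) -> None:
        self._accounts: dict[str, tuple[int, bytes]] = {}  # assumed in-memory store

    def authorize(self, account: str, n: int) -> list[CoManagementParam]:
        """Generate the key, keep it as network-side parameter, hand out N parts."""
        key = secrets.token_bytes(32)
        self._accounts[account] = (n, key)
        return split_parameter(key, n)

    def authenticate(self, account: str, uploaded: list[CoManagementParam]) -> bool:
        """Rebuild the user-side parameter and compare it in constant time."""
        entry = self._accounts.get(account)
        if entry is None:
            return False
        n, network_side = entry
        try:
            user_side = combine_parameters(uploaded, n)
        except ValueError:
            return False  # missing, duplicated or out-of-range segment
        return hmac.compare_digest(user_side, network_side)


def unknown_bits(total_len: int, held: list[CoManagementParam]) -> int:
    """Bits of the parameter still unknown to someone holding `held`.

    Plain segmentation is not threshold secret sharing: every segment held
    removes its own length from what remains to be guessed, which matters
    when choosing the parameter length and N.
    """
    return 8 * (total_len - sum(len(p.segment) for p in held))
```
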

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Information Transfer Between Computers (AREA)
  • Telephonic Communication Services (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
PCT/CN2017/074317 2016-03-03 2017-02-21 Authorization method and device for joint account, and authentication method and device for joint account WO2017148313A1 (zh)

Priority Applications (10)

Application Number Priority Date Filing Date Title
MYPI2018703032A MY194885A (en) 2016-03-03 2017-02-21 Authorization method and device for joint account, and authentication method and device for joint account
KR1020187028492A KR102159874B1 (ko) 2016-03-03 2017-02-21 Authorization method and device for joint account, and authentication method and device for joint account
SG11201807309RA SG11201807309RA (en) 2016-03-03 2017-02-21 Authorization method and device for joint account, and authentication method and device for joint account
EP20214027.3A EP3809629B1 (de) 2016-03-03 2017-02-21 Authorization method and device for joint account, and authentication method and device for joint account
EP17759164.1A EP3425846B8 (de) 2016-03-03 2017-02-21 Authorization method and device for joint account, and authentication method and device for joint account
JP2018546451A JP6755961B2 (ja) 2016-03-03 2017-02-21 Authorization method and device for joint account, and authentication method and device for joint account
PL17759164T PL3425846T3 (pl) 2016-03-03 2017-02-21 Authorization method and device for joint account, and authentication method and device for joint account
ES17759164T ES2857827T3 (es) 2016-03-03 2017-02-21 Authorization method and device for joint account, and authentication method and device for joint account
PH12018501837A PH12018501837A1 (en) 2016-03-03 2018-08-29 Authorization method and device for joint account, and authentication method and device for joint account
US16/119,470 US10650135B2 (en) 2016-03-03 2018-08-31 Authorization method and device for joint account, and authentication method and device for joint account

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610122324.1 2016-03-03
CN201610122324.1A CN107154921A (zh) 2016-03-03 2016-03-03 Authorization method and device for joint account, and authentication method and device for joint account

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/119,470 Continuation US10650135B2 (en) 2016-03-03 2018-08-31 Authorization method and device for joint account, and authentication method and device for joint account

Publications (1)

Publication Number Publication Date
WO2017148313A1 (zh) 2017-09-08

Family

ID=59742498

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/074317 WO2017148313A1 (zh) 2016-03-03 2017-02-21 Authorization method and device for joint account, and authentication method and device for joint account

Country Status (12)

Country Link
US (1) US10650135B2 (de)
EP (2) EP3425846B8 (de)
JP (1) JP6755961B2 (de)
KR (1) KR102159874B1 (de)
CN (1) CN107154921A (de)
ES (1) ES2857827T3 (de)
MY (1) MY194885A (de)
PH (1) PH12018501837A1 (de)
PL (1) PL3425846T3 (de)
SG (2) SG10202012187XA (de)
TW (1) TWI690872B (de)
WO (1) WO2017148313A1 (de)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10476855B1 (en) * 2017-08-29 2019-11-12 Salesforce.Com, Inc. Identity confirmation using private keys
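WO2020172890A1 (zh) * 2019-02-28 2020-09-03 云图有限公司 Method and device for a client to generate keys for multiple clients and a single server
WO2020172885A1 (zh) * 2019-02-28 2020-09-03 云图有限公司 Key management method in which a single client generates a private key, and electronic device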
US10789390B1 (en) 2019-12-19 2020-09-29 Capital One Services, Llc System and method for controlling access to account transaction information
CN111178875A (zh) * 2019-12-23 2020-05-19 杭州复杂美科技有限公司 Wallet account configuration method, wallet account application method, device and storage medium
US11669812B2 (en) * 2020-06-05 2023-06-06 Serge M Krasnyansky Contingent payments for virtual currencies
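CN111986405B (zh) * 2020-09-01 2022-04-26 中国银行股份有限公司 Method and device for verifying withdrawal of jointly owned property based on an automatic teller machine
CN112685730B (zh) * 2021-03-18 2021-06-22 北京全息智信科技有限公司 Permission control method and device for operating system accounts, and electronic device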

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102271035A (zh) * 2011-09-02 2011-12-07 华为技术有限公司 Method and device for transmitting a password
CN102833076A (zh) * 2012-09-17 2012-12-19 珠海市君天电子科技有限公司 Account information encryption method and system
US20150261948A1 (en) * 2014-03-12 2015-09-17 Cognitas Technologies, Inc. Two-factor authentication methods and systems

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7290288B2 (en) * 1997-06-11 2007-10-30 Prism Technologies, L.L.C. Method and system for controlling access, by an authentication server, to protected computer resources provided via an internet protocol network
US8285991B2 (en) * 2000-10-25 2012-10-09 Tecsec Inc. Electronically signing a document
JP2002300155A (ja) * 2001-03-30 2002-10-11 Tokyo Electric Power Co Inc:The Mutual authentication method and mutual authentication system
JP2003150553A (ja) * 2001-11-14 2003-05-23 Nippon Telegr & Teleph Corp <Ntt> Authentication method and device using multiple accounts, and processing program
EP1383265A1 (de) * 2002-07-16 2004-01-21 Nokia Corporation Method for generating proxy signatures
US7136489B1 (en) * 2002-09-12 2006-11-14 Novell, Inc. Method and system for enhancing network security using a multilateral authorization mechanism
KR20040097016A (ko) * 2004-10-15 2004-11-17 곽현정 System and method for providing a web storage space service using encryption
US8656175B2 (en) * 2005-10-31 2014-02-18 Panasonic Corporation Secure processing device, secure processing method, encrypted confidential information embedding method, program, storage medium, and integrated circuit
US8151333B2 (en) * 2008-11-24 2012-04-03 Microsoft Corporation Distributed single sign on technologies including privacy protection and proactive updating
US8190757B1 (en) * 2009-03-31 2012-05-29 Symantec Corporation Systems and methods for automatically binding client-side applications with backend services
CN102611558B (zh) * 2012-04-27 2014-12-17 西安电子科技大学 Magic-square-based key distribution and identity authentication method for electronic accounts jointly managed by multiple persons
EP2947812B1 (de) * 2013-01-17 2018-03-14 Nippon Telegraph and Telephone Corporation Segmented secret-key storage system, segment storage device, and segmented secret-key storage method
CN104917604B (zh) * 2014-03-12 2018-05-11 北京信威通信技术股份有限公司 Key distribution method
US20190266576A1 (en) * 2018-02-27 2019-08-29 Anchor Labs, Inc. Digital Asset Custodial System

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3425846A4 *

Also Published As

Publication number Publication date
KR102159874B1 (ko) 2020-09-24
JP2019507559A (ja) 2019-03-14
EP3425846B8 (de) 2021-03-10
JP6755961B2 (ja) 2020-09-16
EP3425846A1 (de) 2019-01-09
TWI690872B (zh) 2020-04-11
EP3809629A1 (de) 2021-04-21
CN107154921A (zh) 2017-09-12
PH12018501837A1 (en) 2019-05-15
ES2857827T3 (es) 2021-09-29
US20180365410A1 (en) 2018-12-20
EP3809629B1 (de) 2022-08-10
MY194885A (en) 2022-12-21
KR20180127384A (ko) 2018-11-28
EP3425846A4 (de) 2019-10-23
SG11201807309RA (en) 2018-09-27
US10650135B2 (en) 2020-05-12
PL3425846T3 (pl) 2021-07-05
TW201734908A (zh) 2017-10-01
SG10202012187XA (en) 2021-01-28
EP3425846B1 (de) 2020-12-16

Similar Documents

Publication Publication Date Title
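WO2017148313A1 (zh) Authorization method and device for joint account, and authentication method and device for joint account
JP6573627B2 (ja) Service authorization using an auxiliary device
CN107231331B (zh) Implementation method and device for obtaining and issuing electronic credentials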
TWI530150B (zh) Identity authentication device and method thereof
US9219722B2 (en) Unclonable ID based chip-to-chip communication
US10523652B2 (en) Secure identity sharing using a wearable device
DE102015215120A1 (de) Method of using one device to unlock another device
JP2020528675A (ja) Cryptographic key management based on ID information
US20070255951A1 (en) Token Based Multi-protocol Authentication System and Methods
CN105612716A (zh) Resource locators with keys
JP2023535013A (ja) Quantum-safe payment system
EP3782062B1 (de) Password reset for a multi-domain environment
CN110445840B (zh) Method for file storage and reading based on blockchain technology
US20170201550A1 (en) Credential storage across multiple devices
US20120311331A1 (en) Logon verification apparatus, system and method for performing logon verification
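JP2022518061A (ja) Method, computer program product, and apparatus for transferring ownership of digital assets
WO2015117212A1 (pt) Solution for generating and issuing a security code with guaranteed authenticity and origin of the issuer
JP6240102B2 (ja) Authentication system, authentication key management device, authentication key management method, and authentication key management program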
US10666644B2 (en) Enterprise key and password management system
CN106161366A (zh) Method and system for reducing the space occupied by SSL
Gajmal et al. Analysis of Authentication based Data Access Control Systems in Cloud
KR20200059908A (ko) Device and method for managing users' personal information
Das et al. Performance analysis of client side encryption tools
CN115150831A (zh) Method, device, server, and medium for processing network access requests
Bu Research on Digital Encryption Security Information System Based on Identity Authentication

Legal Events

Date Code Title Description
WWE WIPO information: entry into national phase

Ref document number: 11201807309R

Country of ref document: SG

ENP Entry into the national phase

Ref document number: 2018546451

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 20187028492

Country of ref document: KR

Kind code of ref document: A

WWE WIPO information: entry into national phase

Ref document number: 2017759164

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2017759164

Country of ref document: EP

Effective date: 20181004

121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 17759164

Country of ref document: EP

Kind code of ref document: A1